EDS Loses Sensitive MoD Data
EDS Loses Sensitive MoD Data
October 13, 2008: It seems that barely a week goes by these days without a fresh story of grievous data loss with a UK government department somehow involved. Last week, the UK Ministry of Defence (MoD) launched an investigation into a missing hard drive, potentially containing personal information on some 100,000 Armed Forces personnel.
The missing drive was discovered during an audit by EDS, the MoD’s main IT contractor, and was linked to the department’s training administration and financial management information system (Tafmis).
“On Wednesday 8 October we were informed by our contractor EDS that they were unable to account for a portable hard drive used in connection with the administration of armed-forces personnel data,” said the MoD in a statement. “This came to light during a priority audit EDS are conducting to comply with the Cabinet Office data-handling review. The MoD police are investigating with EDS.”
The drive could contain dates of birth and telephone numbers, bank and driving licence details, and passport numbers and addresses, and it may also house details on 600,000 potential recruits.
Worse still, the drive is reportedly unencrypted, giving anyone who finds (or stole) it full access to the data it holds.
In a statement, EDS said that there was no evidence that there had been a security breach at the facility where the drive was stored, but it is not known if it was stolen or lost. The company says it is possible that the drive has been moved to another part of its Hampshire office, or that it may even have been taken home by an employee.
While it is not a government department itself that has made the blunder this time around, the fact that a government contractor is at fault is not much better. The incident, the latest in a long line of high-profile breaches, is extremely embarrassing for the UK government, and no doubt will put a severe dent in its plan to roll out a national ID card.
Comment on this story